IN THE CLAIMS : 

Please amend claims 26 and 32-36 as follows. 

1. (Cancelled) 

2. (Previously Presented) A method comprising: 

maintaining in a mobile communication system subscriber's location information; 

receiving a message from subscriber's user equipment, said message indicating 
that an address of a certificate provisioning gateway for certificate issuance and delivery 
procedure in a visited network is requested by the subscriber's user equipment, the 
certificate provisioning gateway serving at least one certificate authority, the message 
further comprising the address of the certificate provisioning gateway; 

determining, in response to receiving the message, on the basis of the subscriber's 
location information, an address of the certificate provisioning gateway; 

checking whether or not the address in the message corresponds to the address 
determined on the basis of the location information; and 

if they do not correspond to each other, using the address determined on the basis 
of the location information. 

3. (Previously Presented) A method comprising: 

maintaining in a mobile communication system subscriber's location information; 
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receiving a message from subscriber's user equipment, the message comprising 
subscriber's location information and indicating that an address of a certificate 
provisioning gateway for certificate issuance and delivery procedure in a visited network 
is requested by the subscriber's user equipment, the certificate provisioning gateway 
serving at least one certificate authority; 

checking, in response to receiving the message, whether or not the location 
information in the message corresponds to the location information maintained in the 
system; and 

using the maintained location information for determining the address of the 
certificate provisioning gateway if the maintained location information does not 
correspond to the location information in the message. 

4-5. (Cancelled) 

6. (Previously Presented) The method of claim 24, further comprising: 
authenticating the subscriber; and 

transmitting during the subscriber authentication to the user equipment at least part 
of the information required for obtaining a certificate from a certificate issuance service 
in another network than a home network in a mobile communication system after the 
subscriber authentication, the part of the information including at least one from a group 
comprising an address of a certificate provisioning gateway via which the certificate 
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issuance service is provided in the other network, the certificate provisioning gateway 
serving at least one certificate authority, a public key required for the certificate issuance 
service in the other network, and an indication of the protocol required for the certificate 
issuance service in the other network. 

7. (Previously Presented) The method of claim 6, further comprising: 
performing the authentication as an application level authentication. 

8. (Previously Presented) The method of claim 6, further comprising: 
utilizing said part of the information during a certificate issuance procedure after 

the authentication in a visited network by the user equipment. 

9. (Previously Presented) The method of claim 6, further comprising: 
transmitting in said part of the information location network specific information. 

10-12. (Cancelled) 

13. (Previously Presented) The method of claim 6, further comprising, when said 
part of the information includes at least the address of the certificate provisioning 
gateway via which the certificate issuance service is provided, transmitting from the user 
equipment a certificate request to the certificate provisioning gateway. 
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14. (Previously Presented) The method of claim 26, further comprising: 
authenticating the subscriber; and 

transmitting, in response to the message, to the user equipment in a reply message 
at least part of information required for obtaining a certificate from the certificate 
issuance service in the other network, the part of the information including at least one 
from a group comprising an address of a certificate provisioning gateway via which the 
certificate issuance service is provided in the other network, the certificate provisioning 
gateway serving at least one certificate authority, a public key required for the certificate 
issuance service in the other network, and an indication of the protocol required for the 
certificate issuance service in the other network. 

15. (Previously Presented) The method of claim 14, further comprising: 
transmitting the message and the reply message in an integrity protected channel. 

16. (Cancelled) 

17. (Previously Presented) The method of claim 14, further comprising, when said 
part of the information includes at least the address of the certificate provisioning 
gateway via which the certificate issuance service is provided, transmitting from the user 
equipment a certificate request to the certificate provisioning gateway. 
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18-23. (Cancelled) 



24. (Previously Presented) A method comprising: 

maintaining in a mobile communication system subscriber's location information; 

receiving a message from subscriber's user equipment, the message comprising 
subscriber's location information and indicating that an address of a certificate 
provisioning gateway for certificate issuance and delivery procedure in a visited network 
is requested by the subscriber's user equipment, the certificate provisioning gateway 
serving at least one certificate authority; 

checking, in response to receiving the message, whether or not the location 
information in the message corresponds to the location information maintained in the 
system; 

if the maintained location information corresponds to the location information in 
the message, determining on the basis of the subscriber's location information the address 
of the certificate provisioning gateway; and 

if the maintained location information does not correspond to the location 
information in the message, sending an error indication by using the maintained location 
information. 

25. (Previously Presented) A method comprising: 
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maintaining in a mobile communication system subscriber's location information; 

receiving a message from subscriber's user equipment, the message comprising 
subscriber's location information and indicating that an address of a certificate 
provisioning gateway for certificate issuance and delivery procedure in a visited network 
is requested by the subscriber's user equipment, the certificate provisioning gateway 
serving at least one certificate authority; 

checking, in response to receiving the message, whether or not the location 
information in the message corresponds to the location information maintained in the 
system; 

determining, on the basis of the subscriber's location information the address of 
the certificate provisioning gateway; if the location information in the message 
corresponds to the maintained location information; and 

using the location information in the message if the location information in the 
message does not correspond to the maintained location information. 

26. (Currently Amended) A method comprising: 

maintaining in a mobile communication system subscriber's location information; 

receiving a message from subscriber's user equipment the message comprising 
subscriber's location information and indicating that an address of a certificate 
provisioning gateway for certificate issuance and delivery procedure in a visited network 
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is requested by the subscriber's user equipment, the certificate provisioning gateway 
serving at least one certificate authority; 

checking, in response to receiving the message, whether or not the location 
information in the message corresponds to the location information maintained in the 
system; 

if the location information in the message corresponds to the maintained location 
information, determining on the basis of the subscriber's location information the address 
of the certificate provisioning gateway; and 

if the location information in the message does not correspond to the maintained 
location information, sending an error indication by using the location information in the 
message. 

27. (Previously Presented) The method of claim 25, comprising: 
authenticating the subscriber; and 

transmitting after the authentication via an authenticated channel to subscriber's 
user equipment at least part of information required for a certificate issuance service in 
another network than a home network of the subscriber, said at least part of the 
information comprising information required for obtaining a certificate from the 
certificate issuance service in the other network. 



28-31. (Cancelled) 
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32. (Currently Amended) A certificate provisioning gatewav An apparatus . 



a processor configured to serve a certificate authority in a mobile communication 
system^ 

to determine, in response to receiving from subscriber's user equipment a message 
indicating a request for an address of another certificate provisioning gateway for 
certificate issuance and delivery procedure, the message further comprising an address of 
the other certificate provisioning gateway, an address of the other certificate provisioning 
gateway on the basis of subscriber's location information maintained in and obtained 
from the mobile communication system, 

to check whether or not the address in the message corresponds to the address 
determined on the basis of the location information^ and 

if they do not correspond to each other, to use the address determined on the basis 
of the location information. 

33. (Currently Amended) A certificate provi s ioning gateway configur o dA n 
apparatus, comprising : 

a processor configured to serve a certificate authority in a mobile communication 
system^ 
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to check, in response to receiving from subscriber's user equipment a message 
comprising subscriber's location information and indicating a request for an address of 
another certificate provisioning gateway for certificate issuance and delivery procedure in 
a visited network, whether or not the location information in the message corresponds to 
subscriber's location information maintained in and obtained from the systemt-^and 

to use the maintained location information for determinin g to determine the address 
of the other certificate provisioning gateway if the maintained location information does 
not correspond to the location information in the message. 

34. (Currently Amended) A certificate provisioning gateway, contigured An 
apparatus, comprising : 

a processor configured to serve a certificate authority in a mobile communication 
system^ 

to check, in response to receiving from subscriber's user equipment a 
message comprising subscriber's location information and indicating that an address of 
another certificate provisioning gateway for certificate issuance and delivery procedure in 
a visited network is requested, whether or not the location information in the message 
corresponds to subscriber's location information maintained in and obtained from the 
system^ 
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if the location information in the message corresponds to the maintained 
location information, to determine an address of the other certificate provisioning 
gateway on the basis of the subscriber's location informationt-^and 

if the maintained location information does not correspond to the location 
information in the message, to send an error indication by using the maintained location 
information. 

35. (Currently Amended) A certificate provisioning gateway configuredA n 
apparatus, comprising : 

a processor configured to serve a certificate authority in a mobile communication 
systems 

to check, in response to receiving from subscriber's user equipment a 
message comprising subscriber's location information and indicating a request for an 
address of another certificate provisioning gateway for certificate issuance and delivery 
procedure in a visited network, whether or not the location information in the message 
corresponds to the location information maintained in the system^ and 

to use the location information in the message for d e termining t o determine 
the address of the other certificate provisioning gateway if the location information does 
not correspond to the maintained location information. 
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36. (Currently Amended) A certificate provisioning gateway configuredA n 
apparatus comprising : 

a processor configured to serve a certificate authority in a mobile communication 
system^ 

to check, in response to receiving from subscriber's user equipment a 
message comprising subscriber's location information and indicating a request for an 
address of another certificate provisioning gateway for certificate issuance and delivery 
procedure in a visited networks whether or not the location information in the message 
corresponds to subscriber's location information maintained in and obtained from the 
system^ 

to determine on the basis of the subscriber's location information the 
address of the other certificate provisioning gateway, if the location information in the 
message corresponds to the maintained location information^ and 

if the location information does not correspond to the maintained location 
information, to send an error indication by using the location information in the message. 

37. (Previously Presented) The method as claimed in claim 2, wherein a 
certificate authority is a trusted third party. 
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38. (Previously Presented) The method as claimed in claim 2, wherein a 
certificate authority is a trusted third party and does not include an authorization, 
authentication and accounting server. 
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